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Authentication and authorization: Securing passwords against dictionary attacks 
Benny Pinkas, Tomas Sander 

November 2002 Proceedings of the 9th ACM conference on Computer and 

communications security 
Publisher: ACM Press 

- ... ^ , u a ^ e7 ^ m Additional Information: full citation , abstract, references, citings, index 
Full text available: |£]pdf(216.72 KB) 

The use of passwords is a major point of vulnerability in computer security, as passwords 
are often easy to guess by automated programs running dictionary attacks. Passwords 
remain the most widely used authentication method despite their well-known security 
weaknesses. User authentication is clearly a practical problem. From the perspective of a 
service provider this problem needs to be solved within real-world constraints such as the 
available hardware and software infrastructures. From a user' ... 

2 Securing a global village and its resources: baseline security for inte rconnected 
gik signaling system #7 telecommunications networks 



Hank M. Kluepfel 

December 1993 Proceedings of the 1st ACM conference on Computer and 

communications security 
Publisher: ACM Press 

Full text available: g pdfM.19 MB) Additional Information: full citation , abstract , references , index terms 

The resulting national focus on Network Integrity issues, spawned the development of an 
industry commitment to affect and realize a minimum security baseline for interconnected 
SS7 networks. In addition the affected carriers in those outage have accelerated their 
pursuit of secure solutions to today's intelligent networking. [2]This paper will focus on the 
development of the baseline and the current effort to take the baseline into national, e.g., 
National Ins ... 



3 Integrating security in a large distributed system 
#v M. Satyanarayanan 



August 1989 ACM Transactions on Computer Systems (TOCS), volume 7 issue 3 

Publisher: ACM Press 

u, fin ^,r> nn mm Additional Information: full citation , abstract , references , citings, index 
Full text available: f| P df(2.90 MB) terms , rev iew 

Andrew is a distributed computing environment that is a synthesis of the personal 
computing and timesharing paradigms. When mature, it is expected to encompass over 
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5,000 workstations spanning the Carnegie Mellon University campus. This paper examines 
the security issues that arise in such an environment and describes the mechanisms that 
have been developed to address them. These mechanisms include the logical and physical 
separation of servers and clients, support for secure communication ... 

Measurement: A high-level programming environment for packet trace anonvmization 

and transformation 
Ruoming Pang, Vern Paxson 

August 2003 Proceedings of the 2003 conference on Applications, technologies, 

architectures, and protocols for computer communications 
Publisher: ACM Press 

r- I. * ^ t m ,r /oc . OT l^qv Additional Information: full citation , abstract , references , citings, index 
Full text available: TS 3pdf(251.27 KB) 

Li - J terms 

Packet traces of operational Internet traffic are invaluable to network research, but public 
sharing of such traces is severely limited by the need to first remove all sensitive 
information. Current trace anonymization technology leaves only the packet headers 
intact, completely stripping the contents; to our knowledge, there are no publicly 
available traces of any significant size that contain packet payloads. We describe a new 
approach to transform and anonymize packet traces. Our tool provide ... 

Keywords: anonymization, internet, measurement, network intrusion detection, packet 
trace, privacy, transformation 



5 Computers and Privacy: A Survey 
Lance J. Hoffman 
^ June 1969 ACM Computing Surveys (CSUR), volume l issue 2 

Publisher: ACM Press 

Full text available: |^ pdf(1.74 MB) Additional Information: full citation , references , citings, index terms 



6 The role of the host computer in defending against P.C.s 
j&i Don Holden 

September 1986 Proceedings of the Northeast ACM symposium on Personal computer 

security 
Publisher: ACM Press 

Full text available: ^ pdf(868.30 KB) Additional Information: full citation , index terms 



7 With microscope and tweezers: the worm from MIT's perspective 
^ Jon A. Rochlis, Mark W. Eichin 

June 1989 Communications of the ACM, volume 32 issue 6 

Publisher: ACM Press 

Additional Information: full citation , abstract , references , citings , index 



Full text available: 1 pdf(1.22 MB) terms . rev iew 

The actions taken by a group of computer scientists at MIT during the worm invasion 
represents a study of human response to a crisis. The authors also relate the experiences 
and reactions of other groups throughout the country, especially in terms of how they 
interacted with the MIT team. 

8 Papers from Hotnets-ll: The dark side of the Web: an open proxy's view 
Vivek S. Pai, Limin Wang, KyoungSoo Park, Ruoming Pang, Larry Peterson 
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January 2004 ACM SIGCOMM Computer Communication Review, volume 34 issue l 
V Publisher: ACM Press 

Full text available: t ^ jpdf(102.49 KB) Additional Information: full citation , abstract , references 

With the advent of large-scale, wide-area networking testbeds, researchers can deploy 
long-running services that interact with other resources on the Web. While such 
interaction can easily attract clients and traffic, our experience suggests that projects 
accepting outside input and interacting with outside resources must carefully consider the 
avenues for abuse of such services. The CoDeeN Content Distribution Network, deployed 
on PlanetLab, uses a network of caching Web proxy servers to intell ... 

9 Session 1 : On instant messaging worms, analysis and countermeasures 

Mohammad Mannan, Paul C. van Oorschot 
v November 2005 Proceedings of the 2005 ACM workshop on Rapid malcode WORM '05 

Publisher: ACM Press 

Full text available: ^pdf(186.53 KB) Additional Information: full citation , abstract , references , index terms 

We provide a collection of minor results on the area of Instant Messaging (IM) worms, 
which has received relatively little attention in the formal literature. We review selected 
IM worms and summarize their main characteristics, motivating a brief overview of the 
network formed by IM contact lists, and a discussion of theoretical consequences of 
worms in such networks. Existing methods to restrict an IM worm epidemic are analyzed 
in terms of usability and effectiveness, leading to the suggestion ... 

Keywords: instant messaging worms, scale-free networks 



10 System Administration: Anonymous ftp 
Mark Komarinski 
May 1995 Linux Journal 
Publisher: Specialized Systems Consultants, Inc. 

Full text available: html(16.25 KB) Additional Information: full citation , index terms 



11 Storytelling evolves on the web: case study: EXOCOG and the future of storytelling | 
<£b Jim M,,ler 

^ January 2005 interactions, Volume 12 issue 1 
Publisher: ACM Press 

Full text available: f |pdf(1.21 MB) |g Addjtjona | information: full citation , abstract , references , index terms 
html(79.52 KB) 

The ubiquity and immersive capabilities of the Web have only recently allowed substantive 
advances in the age-old art of storytelling. Exocog was a set of Web sites that provided a 
five-week experiment in this new realm. It illuminates the balance that occurs between 
new modes of storytelling on the Web and the more traditional narrative elements that 
remain, offering a unique view of this still-evolving process. 

12 The SNet model: access, security and e-services for students 
0^ Anand Padmanabhan 

September 2003 Proceedings of the 31st annual ACM SIGUCCS conference on User 

services 
Publisher: ACM Press 

Full text available: ^ pdf(313.83 KB) Additional Information: full citation , abstract , references , index terms 

This paper will explore the SNet model that Hunter College of the City University of New 
York developed and implemented. During the Spring of 2002, CUNY as a central 
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organization (3rd largest in the country) envisioned a plan and strategy to enhance e- 
services to all their students, faculty and administrators. From this 'master' vision, Hunter 
College designed and derived the SNet model to provide efficient and effective services to 
students. This model not only looks at just providing eServices ... 

Keywords: SNet, communication, eServices, email, higher education, information 
technology, model, wireless 



13 Pedagogy: Database security curriculum in InfoSec program 
J& S. Srinivasan, Anup Kumar 

September 2005 Proceedings of the 2nd annual conference on Information security 
curriculum development InfoSecCD '05 

Publisher: ACM Press 

Full text available: |p pdf(95.26 KB) Additional Information: full citation , abstract , references , index terms 

Database Security course is an important part of the InfoSec curriculum. In many 
institutions this is not taught as an independent course. Parts of the contents presented in 
this paper are usually incorporated in other courses such as Network Security. The 
importance of database security concepts stems from the fact that a compromise of data 
at rest could expose an organization to a greater security threat than otherwise. Database 
vulnerabilities exposed recently in several high profile incident ... 

Keywords: database, encryption, inference, multilevel security, policy, privacy 



14 Hacked for the holidays: how an anonymous network attack almost brought One 

# Small Business to its Knees 
— — — 
E. Dibella 

March 2002 netWorker, volume 6 issue l 
Publisher: ACM Press 

Full text available: « pdf(385.81 KB) information: full citation, index terms 
jg} html(21.90 KB) 



15 Temporal sequence learning and data reduction for anomaly detection 
0^ Terran Lane, Carla E. Brodley 

August 1999 ACM Transactions on Information and System Security (TISSEC), Volume 2 

Issue 3 

Publisher: ACM Press 

Full text available: f B Ddf(628.31 KB) Additional lnformation: fu " citation ' references , citings, index 

LjJ "^ terms 

The anomaly-detection problem can be formulated as one of learning to characterize the 
behaviors of an individual, system, or network in terms of temporal sequences of discrete 
data. We present an approach on the basis of instance-based learning (IBL) techniques. 
To cast the anomaly-detection task in an IBL framework, we employ an approach that 
transforms temporal sequences of discrete, unordered observations into a metric space 
via a similarity measure that encodes intra-attribute depende ... 

Keywords: anomaly detection, clustering, data reduction, empirical evaluation, instance 
based learning, machine learning, user profiling 



16 A new way to access a supercomputer 
L. M. Andrade 
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A October 1989 Proceedings of the 17th annual ACM SIGUCCS conference on User 
Np* Services 
Publisher: ACM Press 

Full text available: pdf(784.39 KB) Additional Information: full citation , abstract , index terms 

One of the frustrations of being a user in the computing world is that there are so many 
different types of systems to learn. This is especially true for users of NCAR's computing 
facilities, most of whom are at various universities around the country. Typically, the 
university users do most of their computing on their local systems. When they need extra 
computing power, they are able to easily access the NCAR computing facilities without 
logging on to another machine. This is due to the In ... 

17 Regulating Internet payment intermediaries H 
^ Ronald J. Mann 

^ September 2003 Proceedings of the 5th international conference on Electronic 
commerce ICEC '03 

Publisher: ACM Press 

Full text available: |j| pdf(173.74 KB) Additional Information: full citation , abstract , references, index terms 

This paper examines legal and policy issues raised by changes in payment methods 
related to the rise of the Internet. The two major changes - the rise of P2P systems like 
PayPal, and the rise of Internet billing systems to replace the use of paper bills and 
checks -- both involve new intermediaries that facilitate payments made by conventional 
payment systems. The paper first discusses how those systems work. It then discusses 
problems in the framework currently used to regulate those systems i ... 

Keywords: EBPP systems, Gramm-Leach-Bliley, Internet, P2P payments, Regulation E, 
data privacy, electronic funds transfer act, gatekeepers, payment systems 
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